Skip to main content

À la carte phone hacking is scary, but it’s better than a government backdoor

Another day, another hack by the Israeli firm that’s become a go-to for exposing what’s happening in various high-profile targets’ phones. If you haven’t heard of Cellebrite yet, it’s because you’re not Jeff Bezos, Lev Parnas, or a criminal whose phone the FBI would very much like to access.

The company has hacked several phones on behalf of the U.S. government, and in the Bezos case, was actually used by experts at the United Nations to analyze how, exactly, the Amazon founder’s phone was hacked.

Cellebrite is not the only name in the game: There’s also the much shadier NSO Group, which experts suspect has been hired by authoritarian regimes to spy on journalists and dissidents. GrayKey, Paraben, Blackbag, and MSAB have also all sold their phone-hacking tech to at least two dozen law enforcement agencies around the U.S., according to a report by OneZero.

That report revealed in stark detail just how widespread the use of this type of phone hacking tech has become across the country: It is truly possible for most law enforcement agencies to access the phone of just about anyone, if they so wish.

Yet the U.S. government, from President Donald Trump to the FBI, continues to demand that Apple and other tech companies provide authorities with an encryption backdoor — an idea that privacy advocates all agree is an extremely bad one.

“I would rather see this than mandatory backdoors,” said Ron Gula, in reference to having companies like Cellebrite in operation. Gula is a former National Security Agency white-hat hacker who now invests in up-and-coming cybersecurity companies in the D.C. area. “Of course, I would rather there be no vulnerabilities at all. But this is a world were law enforcement relies on vulnerabilities to do intelligence gathering, and I want them to focus on that, and not mandatory backdoors. Otherwise, we’re China.”

Rosa Smothers, a former CIA analyst who is now the senior vice president of cyber operations at KnowBe4, a provider of digital security awareness training, said she “1,000% agrees” with Gula’s assessment. “The government has to weigh the benefit of that kind of exploitation and whether it’s worth that kind of security damage,” she told Digital Trends.

“We should all be very concerned about people getting into digital devices,” said David Harding, senior vice president and chief technical officer at ImageWare, a biometric digital security company that works in both the private sector and with the government. “And we should all be very concerned about a government that has everybody’s information readily accessible.”

Why Cellebrite matters

Cellebrite is truly the 800-pound gorilla in the industry, according to Smothers, which is why its name keep popping up in so many cases. “They’re the most user-friendly,” she told Digital Trends, which is useful for police precincts that might not have the time or resources to train up their offices on very technical software. (Cellebrite told Digital Trends that it “cannot comment on specific cases.”)

cellebrite machine
An engineer shows devices developed by the Israeli firm Cellebrite that can hack a locked smartphone and pull the data from it. Jack Guez / AFP via Getty Images

Companies like Cellebrite rely on finding existing vulnerabilities in operating systems and software to provide access opportunities into phones (and they keep those a secret, so companies like Apple don’t get wise and patch them). As those vulnerabilities are updated, these companies must also update their methods. An encryption backdoor would eliminate the need for these kinds of constant updates, and would make it easier to actually read any images that police had taken off of a phone. “They are only as successful as the availability of these vulnerabilities,” Harding said.

The legality of all of this is still extremely fuzzy, said Harding. Every state has its own regulations, and they’re changing all the time: some states will allow police to take someone’s biometric data but not a password, for example. “It’s a bit patchwork in this country,” Harding said.

For now, an average person on the street should probably assume that their phone can and has been accessed by some random tech firm. “We’re all only a few degrees away from someone interesting,” Gula said. “Everyone’s got something to steal.”

These companies all advertise strictly to law enforcement — for now. Smothers said it should stay that way. “Yes, we want to be able to seize the phones of terrorists from Afghanistan or Syria, and see what they’re planning,” she said. “But the reality on the ground is, if the government starts introducing purposeful backdoors, every intelligence agency in the world will be full-court press to get into those phones. You’ll be ringing the dinner bell.”

“It’s really unfortunate that there might be terror cells in the U.S.,” said Gula. “But the threat of someone with a gun who might be part of a terrorist group doesn’t rise to the occasion of needing to put a backdoor on everyone’s phones.”

Editors' Recommendations

Why this unknown folding phone is more exciting than the Z Fold 4
Opening the Tecno Phantom V Fold.

The Tecno Phantom V Fold is evidence that making a folding smartphone is a big challenge. But don’t take this to mean I hate it and am about to write a lot of words rubbishing it. It’s quite the opposite.

This is a folding smartphone from a brand you’ve probably never heard of, but seeing as brands you do know still haven’t bothered releasing a big-screen foldable, it’s one that deserves both our applause and attention. This is why.
Tecno Phantom V Fold: specifications

Read more
The EU is preparing an App Store change that Apple won’t like
App Store displayed on an iPhone 14 Pro against a pink background

The EU is narrowing its focus on Apple's App Store, a new report says. Coming from the Financial Times, which cites three sources familiar with the matter, the body now plans to focus on Apple's ban against linking to subscriptions off the App Store. The EU confirmed this report in an update to its statement of objections shared on Tuesday morning.

Where this policy might have been merely annoying at first, the color of it changed once Apple began offering competitors to rival services it had banned from advertising in the store.

Read more
Google just announced 9 new features for your Android phone and watch
Samsung Galaxy S23 showing Google Photos

Google has announced some big new features coming to Android and Wear OS devices during the Mobile World Congress 2023 event in Barcelona, Spain. These new features are beginning to roll out starting today, February 27, with others to come later.
New Android features available starting February 27

Google Drive users will now be able to do freehand annotation on Android phones and tablets. This means you are now able to use a stylus or your fingers to annotate PDFs directly in the Google Drive app on Android.

Read more